Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MikroORM has Prototype Pollution in Utils.merge
Vulnerability Description
MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, a prototype pollution vulnerability exists in the Utils.merge helper used internally by MikroORM when merging object structures. The function did not prevent special keys such as __proto__, constructor, or prototype, allowing attacker-controlled input to modify the JavaScript object prototype when merged. This issue has been patched in versions 6.6.10 and 7.0.6.
CVSS Information
N/A
Vulnerability Type
CWE-1321
Vulnerability Title
MikroORM 安全漏洞
Vulnerability Description
MikroORM是MikroORM开源的一个支持多数据库的类型安全对象关系映射框架。 MikroORM 6.6.10之前版本和7.0.6之前版本存在安全漏洞,该漏洞源于Utils.merge辅助函数未阻止特殊键,可能导致原型污染。
CVSS Information
N/A
Vulnerability Type
N/A